SlideShare a Scribd company logo

Mikrotik router documentation ( Prepare by Mr. Chetra PO )

C
Chetra PO

This document provides instructions for configuring various network services on a Mikrotik router including: 1. Assigning IP addresses via command line and configuring DHCP and DNS server. 2. Allowing client devices to access the internet by configuring routing and NAT. 3. Blocking specific websites by adding filter rules to drop traffic to the site. 4. Setting up a hotspot to provide guest wireless access and limiting bandwidth for different user profiles on the hotspot. It includes screenshots and step-by-step explanations for carrying out common Mikrotik router configuration tasks such as IP address assignment, enabling internet access, blocking websites, and setting up a bandwidth-limited hotspot.

Technology
1 of 73
Download to read offline
P a g e 1 | 73
P a g e 2 | 73 Table of Contents 1. How to assign IP address with command line..............................................................................3 2. Configure DHCP and DNS Server......................................................................................................3  Let’s Client test DHCP ...........................................................................................................................7 3. Allow clients access Internet ............................................................................................................11  Let’s Client Test access internet......................................................................................................13  Configure NAT........................................................................................................................................14  Let’s Client Test access internet again..........................................................................................16 4. Block Website or Domain...................................................................................................................17  Let’s Client Test.....................................................................................................................................20 5. Configure Hotspot.................................................................................................................................21  Limit user bandwidth based on user profile of Hotspot ..........................................................25  Let’s Client Test Speed AWS-IT.......................................................................................................28  Let’s Client Test Speed AWS-HR.....................................................................................................29  Bypassing.................................................................................................................................................30  IP Binding ............................................................................................................................................30  Walled Garden....................................................................................................................................32 6. Setup and Configure User Manager with Hotspot.....................................................................34 7. Configure VPN Server..........................................................................................................................40  Enable VPN Server (PPTP Server)...................................................................................................40  Create Pool of VPN ...............................................................................................................................41  Create VPN Profile ................................................................................................................................42  Create User of VPN to authentication............................................................................................42 8. Configure VPN Client ...........................................................................................................................43 9. Configure VPN Site-to-Site................................................................................................................48  On Router Site-1...................................................................................................................................48  Change Hostname and interface on Router (Site-1) ...........................................................48  Create Peer .........................................................................................................................................51  Change Proposal................................................................................................................................52  Create Policies....................................................................................................................................53  Create Firewall NAT bypass...........................................................................................................54  On Router Site-2...................................................................................................................................55  Change Hostname and interface on Router (Site-2) ...........................................................55  Create Peer .........................................................................................................................................57  Change Proposals .............................................................................................................................59  Create Policies....................................................................................................................................59  Create Firewall NAT bypass...........................................................................................................60  Let’s Testing VPN Site-to-Site..........................................................................................................61  On Router Site-1...............................................................................................................................61  On Router Site-2...............................................................................................................................64 10. Configure Proxy (Cache)....................................................................................................................66  Enable Web Proxy.................................................................................................................................66  Transparent Proxy ................................................................................................................................68  Block websites, extensions and redirect website......................................................................70
P a g e 3 | 73 1.How to assign IP address with command line On Mikrotik Router OS you can assign IP address by command line and interface. This this how to assign IP address with command line, please follow it. 2.Configure DHCP and DNS Server The first of all, you should configure DNS. Please follow this pictures below.
P a g e 4 | 73 After you configure DNS already, please configure DHCP to let client get IP address automatically from Mikrotik Router. Please follow in this pictures!
P a g e 5 | 73 In this point you just click on DHCP Setup. After then, you just choose which interface that you want provide IP address to client and then, click next and next.
P a g e 6 | 73 In this point you can select pool of IP give out that you want. For example, 99 IP address, so should 192.168.5.2-192.168.5.100
P a g e 7 | 73 Let’s Client test DHCP You can type this command ncpa.cpl and then double click on Local Area Connection
P a g e 8 | 73 In this point just click Properties Please click on Internet Protocol Version 4 (TCP/IPv4) and then click Properties
P a g e 9 | 73 Click on Obtain an IP address automatically and Obtain DNS server address automatically, after then click OK. Please release your IP address by use command > ipconfig/release and then use command > ipconfig/renew to get IP address, after then test ping to WAN and LAN
P a g e 10 | 73
P a g e 11 | 73 3.Allow clients access Internet To allow clients can access Internet, you make sure that you configured Rote and NAT, so please follow this picture. This point mean that Mikrotik Router cannot access to internet, so please do route.
P a g e 12 | 73 On Gateway, please put IP Gateway of WAN. And then click Apply > OK
P a g e 13 | 73 Let’s Mikrotik Router ping to internet like > ping 8.8.8.8 Let’s Client Test access internet In this case client cannot access to Internet because, you not yet configure NAT, so please configure NAT.
P a g e 14 | 73 Configure NAT To configure NAT, please follow this pictures. Go to IP > Firewall Click on NAT and then add it by use (+)
P a g e 15 | 73 In General, Chain: srcnat and Out. Interface: ether1 (interface that connect with WAN) In Action, Action:masquerade and then click Apply and OK Note: masquerade is a method that used to translate IP Private to IP Public (Internet). It means that, your IP Private cannot communication with Internet. If you want IP Private can communication with Internet, you just configure NAT and choose the Action masquerade.
P a g e 16 | 73 Let’s Client Test access internet again
P a g e 17 | 73 4.Block Website or Domain In this point you can block all website that you want, but I will block only facebook. Click IP > Firewall
P a g e 18 | 73 Click on Filter Rules and then click + to add website to block it. In General, Chain: Forward
P a g e 19 | 73 In Advanced, on the Content : facebook.com (put website that you want to block) In Action, Action: drop and then click Apply and OK
P a g e 20 | 73 Let’s Client Test Client cannot access website facebook.com because we block it at the moment.
P a g e 21 | 73 5.Configure Hotspot To configure hotspot, please follow on this pictures. Go to IP > Hotspot In this point you just click Hotspot Setup
P a g e 22 | 73 Choose interface that you want to share your hotspot (interface LAN). And then click Next. You just click Next. Select pool for Hotspot addresses and then click Next.
P a g e 23 | 73
P a g e 24 | 73 It is default of user in Mikrotik Router. This point is successfully and then click OK. Note: when you click OK it will disconnect to Router, so you must login hotspot first and then you can connect to Router as normal.
P a g e 25 | 73 When you access to internet, it will alert authentication from hotspot. Limit user bandwidth based on user profile of Hotspot
P a g e 26 | 73 You can create user profile name that you want and then, on Rate Limit: 1024k/4096k (upload/download), after then, click Apply and OK This point you need to create user to login your hotspot service. Click Users > +
P a g e 27 | 73 In General, Name: AWS-IT (name that you want) and assign password on this user. After then on Profile: Technical Department (User Profile that you create) and click Apply > OK Now I will create one more User Profile name HR Department and Rate Limit: 1024k/2048k click Apply > OK
P a g e 28 | 73 Create one more User for HR Department Profile. Follow it. Let’s Client Test Speed AWS-IT This is user AWS-IT in Technical Department.
P a g e 29 | 73 Speed that AWS-IT have 1024k/4096k Let’s Client Test Speed AWS-HR This is user AWS-HR in HR Department
P a g e 30 | 73 Speed that AWS-HR have 1024k/2048k Bypassing  IP Binding IP Binding is an option that we used to specific user that can access internet without authentication from web page (Hotspot) based on IP address and mac address of user. This is an IP address of user, it can access internet by authentication from Hotspot
P a g e 31 | 73 Before we configure IP Binding, This IP address of user have authentication of Hotspot Service. This a Physical Address or Mac address of user, just type > ipconfig/all to see it.
P a g e 32 | 73 This is the point that show you about how to configure it. Please follow it. The first, into IP > Hotspot > IP Bindings > + and then put mac address and IP address of user, on the Type point, you just choose bypassed and then click Apply > OK Did you see, this IP address of user can access internet without authentication from Hotspot service.  Walled Garden Walled Garden is an option that we used to access internet by specific website without authentication from Hotspot service based on IP address of user. Please remember that, if you had configure IP Bindings, you should disable it first, and then you can configure Walled Garden. Note: If different user or IP address no need to disable IP Binding. But in this picture I choose the same user or IP address to test it.
P a g e 33 | 73 The first, Please disable IP Bindings. Click on Walled Garden > + and then put IP address of User that you want it to access specific website, after then put the website that you want user access it. Click Apply > OK.
P a g e 34 | 73 6.Setup and Configure User Manager with Hotspot
P a g e 35 | 73
P a g e 36 | 73 Take IP address of WAN in router to access User Manager like picture show.
P a g e 37 | 73 Create Profiles to Limit time and Speed upload and download
P a g e 38 | 73
P a g e 39 | 73 Let’s test access to internet.
P a g e 40 | 73 Test Speed that you limit. 7.Configure VPN Server Enable VPN Server (PPTP Server) To configure VPN Server Point to Point, the first, just enable PPTP Server. PPP > Interface > PPTP Server and then click Enable
P a g e 41 | 73 Create Pool of VPN To create pool just go to IP > Pool. Why we need creat pool of VPN? Because we don’t want other side know our IP address of our LAN, so when we use this pool, network out side that want to connect our VPN will get the IP address that we create in Pool of VPN. Click + and then assign name of pool and assign address of pool.
P a g e 42 | 73 Create VPN Profile Go to PPP > Profile assign name of profile and put Local address and choose Remote address, don’t forget put DNS Server. Create User of VPN to authentication Go to PPP > Secrets and then assign name and password on the Profile point just choose Profile of VPN that you created.
P a g e 43 | 73 8.Configure VPN Client We need to configure VPN Client to let client can remote to VPN Server. In Control Panel > Network and Internet > Network and Sharing Center and then follow in this picture
P a g e 44 | 73
P a g e 45 | 73 This the name of VPN that you create.
P a g e 46 | 73 When it finished, it will show you like this.
P a g e 47 | 73 When you connect VPN done, you can see the IP address of VPN Pool that you assign on Pool. Double click on VPN Connection and then click Details…
P a g e 48 | 73 This is the IP Pool of VPN. 9.Configure VPN Site-to-Site To configure VPN Site-to-Site, the first, make sure that both of site can access to internet. On Router Site-1  Change Hostname and interface on Router (Site-1)
P a g e 49 | 73
P a g e 50 | 73 Assign IP address on each interface
P a g e 51 | 73 For this point make sure you were configured NAT by masquerade and Route. And then let’s client access internet.  Create Peer Before you create peer, you should create rule of IPsec first. Please follow this picture. Why we need create peer? Because we want to get information from other site (Site-2) to communication to each other. Please follow this picture!!!
P a g e 52 | 73 On the Address please put IP of WAN in Site-2  Change Proposal On the Proposals menu, you just double click like picture show and then, change proposals follow your encryption.
P a g e 53 | 73  Create Policies After we create Peer and change Proposals already, please create policies to put some information of each Router to know each other. So in General menu, you just follow in this picture. NOTE: Src. Address: 192.168.5.0/24 is the Network IP of LAN in Router Site-1 Dst. Addrsss: 192.168.6.0/24 is the Network IP of LAN in Router Site-2 On the Action menu, just follow in this picture. IP 192.168.1.109 is the IP of WAN in Router Site-1 and IP 192.168.1.110 is the IP of WAN in Router Site-2
P a g e 54 | 73  Create Firewall NAT bypass We need to create firewall nat bypass to let both of sites can communication. Please follow this picture.
P a g e 55 | 73 For this point you must put Nat bypass rule the top of other rule in firewall Nat. On Router Site-2  Change Hostname and interface on Router (Site-2)
P a g e 56 | 73 Assign IP on each interface
P a g e 57 | 73 Make sure that you were configured NAT by masquerade and Route already.  Create Peer
P a g e 58 | 73
P a g e 59 | 73  Change Proposals  Create Policies After we create Peer and change Proposals already, please create policies to put some information of each Router to know each other. So in General menu, you just follow in this picture. NOTE: Src. Address: 192.168.6.0/24 is the Network IP of LAN in Router Site-2 Dst. Addrsss: 192.168.5.0/24 is the Network IP of LAN in Router Site-1
P a g e 60 | 73 On the Action menu, just follow in this picture. IP 192.168.1.109 is the IP of WAN in Router Site-1 and IP 192.168.1.110 is the IP of WAN in Router Site-2  Create Firewall NAT bypass
P a g e 61 | 73 Let’s Testing VPN Site-to-Site  On Router Site-1 The first please Test ping to IP address of Site-2
P a g e 62 | 73 After you test ping to each other already, please test with file share. Please follow this pictures
P a g e 63 | 73
P a g e 64 | 73 On client of Site-2, please test access file share from Site-1  On Router Site-2
P a g e 65 | 73
P a g e 66 | 73 10. Configure Proxy (Cache) Enable Web Proxy
P a g e 67 | 73 Client cannot access Internet without Proxy, so please configure proxy of client follow this pictures IP address that put is IP address of LAN.
P a g e 68 | 73 After assign it already, please test access Internet. Transparent Proxy To make transparent proxy, you should create firewall nat (dstnat). Follow this pictures
P a g e 69 | 73 On Action menu, please choose redirect and to port 8080 Let’s client test without assign IP of Proxy. Please follow in this pictures
P a g e 70 | 73 Let’s client access to internet. Block websites, extensions and redirect website This point I will block youtube.com
P a g e 71 | 73 In this point I will block extensions (.mp3) Test access to youtube.com website
P a g e 72 | 73 Test download mp3, please follow in this pictures This point I will block sabay.com and redirect to awspl.com website. Please follow this picture
P a g e 73 | 73 Test access sabay.com and it will redirect to awspl.com This are some references Setting up a Mikrotik Hotspot with UserManager (Step-By-Step) ~ Binary Heartbeat Howto to enable Mikrotik RouterOS Web Proxy in Transparent Mode | Syed Jahanzaib Personal Blog to Share Knowledge ! Mikrotik IPSEC Site-to-Site – TNSolutions http://routeros.butchevans.com/routeros-6.27/all_packages_mipsbe/ Limit number connection based on user profile, Mikrotik Hotspot - OA Ultimate

Recommended

How to -_deploy_cyberoam_in_gateway_mode
How to -_deploy_cyberoam_in_gateway_modeHow to -_deploy_cyberoam_in_gateway_mode
How to -_deploy_cyberoam_in_gateway_mode
fankrid
 
Installing the dhcp server role
Installing the dhcp server roleInstalling the dhcp server role
Installing the dhcp server rolemuneerepckd
 
Networking DHCP server Setup Reports
Networking DHCP server Setup ReportsNetworking DHCP server Setup Reports
Networking DHCP server Setup Reports
Jiaul Hasan Jony
 
Lesson 6: Dynamic Host Configuration Protocol B
Lesson 6: Dynamic Host Configuration Protocol BLesson 6: Dynamic Host Configuration Protocol B
Lesson 6: Dynamic Host Configuration Protocol B
Mahmmoud Mahdi
 
Lesson 10: Managing Printers
Lesson 10: Managing PrintersLesson 10: Managing Printers
Lesson 10: Managing Printers
Mahmmoud Mahdi
 
Dhcp
DhcpDhcp
Dhcp
Tapan Khilar
 
Dhcp server and windows 2012
Dhcp server and windows 2012Dhcp server and windows 2012
Dhcp server and windows 2012
HEM Sothon
 
Gsm bss-network-kpi-tch-assignment-success-rate-optimization-manual(asr)
Gsm bss-network-kpi-tch-assignment-success-rate-optimization-manual(asr)Gsm bss-network-kpi-tch-assignment-success-rate-optimization-manual(asr)
Gsm bss-network-kpi-tch-assignment-success-rate-optimization-manual(asr)Ayann Khan
 

Recommended

How to -_deploy_cyberoam_in_gateway_mode
How to -_deploy_cyberoam_in_gateway_modeHow to -_deploy_cyberoam_in_gateway_mode
How to -_deploy_cyberoam_in_gateway_mode
fankrid
 
Installing the dhcp server role
Installing the dhcp server roleInstalling the dhcp server role
Installing the dhcp server rolemuneerepckd
 
Networking DHCP server Setup Reports
Networking DHCP server Setup ReportsNetworking DHCP server Setup Reports
Networking DHCP server Setup Reports
Jiaul Hasan Jony
 
Lesson 6: Dynamic Host Configuration Protocol B
Lesson 6: Dynamic Host Configuration Protocol BLesson 6: Dynamic Host Configuration Protocol B
Lesson 6: Dynamic Host Configuration Protocol B
Mahmmoud Mahdi
 
Lesson 10: Managing Printers
Lesson 10: Managing PrintersLesson 10: Managing Printers
Lesson 10: Managing Printers
Mahmmoud Mahdi
 
Dhcp
DhcpDhcp
Dhcp
Tapan Khilar
 
Dhcp server and windows 2012
Dhcp server and windows 2012Dhcp server and windows 2012
Dhcp server and windows 2012
HEM Sothon
 
Gsm bss-network-kpi-tch-assignment-success-rate-optimization-manual(asr)
Gsm bss-network-kpi-tch-assignment-success-rate-optimization-manual(asr)Gsm bss-network-kpi-tch-assignment-success-rate-optimization-manual(asr)
Gsm bss-network-kpi-tch-assignment-success-rate-optimization-manual(asr)Ayann Khan
 
Dhcp
DhcpDhcp
Dhcptameemyousaf
 
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleWebinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Netgear Italia
 
Pmw2 k3ni 1-2a
Pmw2 k3ni 1-2aPmw2 k3ni 1-2a
Pmw2 k3ni 1-2ahariclant1
 
Configuring Dhcp Server, Scopes & Superscopes
Configuring Dhcp Server, Scopes & SuperscopesConfiguring Dhcp Server, Scopes & Superscopes
Configuring Dhcp Server, Scopes & Superscopes
jocelyn_tanner
 
Dhcp presentation
Dhcp presentationDhcp presentation
Dhcp presentation
Saqib Malik
 
Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
gueste98b36
 
dynamic host configuration protocol
dynamic host configuration protocoldynamic host configuration protocol
dynamic host configuration protocol
kinish kumar
 
Ways to Prevent Email Abuse
Ways to Prevent Email AbuseWays to Prevent Email Abuse
Ways to Prevent Email Abuse
HTS Hosting
 
My Journal
My JournalMy Journal
My JournalSanaullah Kawsar
 
Installing and configuring a dhcp on windows server 2016 step by step
Installing and configuring a dhcp on windows server 2016 step by stepInstalling and configuring a dhcp on windows server 2016 step by step
Installing and configuring a dhcp on windows server 2016 step by step
Ahmed Abdelwahed
 
System installation in CCTV
System installation in CCTVSystem installation in CCTV
System installation in CCTV
hepzijustin
 
Router configuracion acuse 512
Router configuracion acuse 512Router configuracion acuse 512
Router configuracion acuse 512
Neftali Morillo
 
How to publish your NAS on the Internet?
How to publish your NAS on the Internet?How to publish your NAS on the Internet?
How to publish your NAS on the Internet?Thecus Technology Corp.,
 
Dhcp, dns and proxy server (1)
Dhcp, dns and proxy server (1)Dhcp, dns and proxy server (1)
Dhcp, dns and proxy server (1)Sahira Khan
 
Nat Server Configuration Steps
Nat Server Configuration StepsNat Server Configuration Steps
Nat Server Configuration StepsPasala Jayaraju
 
7106506104 tl wa701-nd(eu)_2.0_qig
7106506104 tl wa701-nd(eu)_2.0_qig7106506104 tl wa701-nd(eu)_2.0_qig
7106506104 tl wa701-nd(eu)_2.0_qig
Cesar Estela Zarate
 
Mikrotik pcq
Mikrotik pcqMikrotik pcq
Mikrotik pcq
Putra Jambak
 
7106503678 td w8961-nd_qig
7106503678 td w8961-nd_qig7106503678 td w8961-nd_qig
7106503678 td w8961-nd_qig
Akibo Davies
 
Tutorial mikrotik step by step
Tutorial mikrotik step by stepTutorial mikrotik step by step
Tutorial mikrotik step by step
Dewa Ketut Setiawan
 
Configuring sonic wall__port_forwarding
Configuring sonic wall__port_forwardingConfiguring sonic wall__port_forwarding
Configuring sonic wall__port_forwarding
Helmer Villarreal
 
L2 tp i-psec vpn on windows server 2016 step by step
L2 tp i-psec vpn on windows server 2016 step by stepL2 tp i-psec vpn on windows server 2016 step by step
L2 tp i-psec vpn on windows server 2016 step by step
Ahmed Abdelwahed
 
DHCP windows server 2012
DHCP windows server 2012DHCP windows server 2012
DHCP windows server 2012
Ahmed abdulmani
 

More Related Content

What's hot

Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleWebinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Netgear Italia
 
Pmw2 k3ni 1-2a
Pmw2 k3ni 1-2aPmw2 k3ni 1-2a
Pmw2 k3ni 1-2ahariclant1
 
Configuring Dhcp Server, Scopes & Superscopes
Configuring Dhcp Server, Scopes & SuperscopesConfiguring Dhcp Server, Scopes & Superscopes
Configuring Dhcp Server, Scopes & Superscopes
jocelyn_tanner
 
Dhcp presentation
Dhcp presentationDhcp presentation
Dhcp presentation
Saqib Malik
 
Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
gueste98b36
 
dynamic host configuration protocol
dynamic host configuration protocoldynamic host configuration protocol
dynamic host configuration protocol
kinish kumar
 
Ways to Prevent Email Abuse
Ways to Prevent Email AbuseWays to Prevent Email Abuse
Ways to Prevent Email Abuse
HTS Hosting
 

What's hot (8)

Dhcp
DhcpDhcp
Dhcp
 
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleWebinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
 
Pmw2 k3ni 1-2a
Pmw2 k3ni 1-2aPmw2 k3ni 1-2a
Pmw2 k3ni 1-2a
 
Configuring Dhcp Server, Scopes & Superscopes
Configuring Dhcp Server, Scopes & SuperscopesConfiguring Dhcp Server, Scopes & Superscopes
Configuring Dhcp Server, Scopes & Superscopes
 
Dhcp presentation
Dhcp presentationDhcp presentation
Dhcp presentation
 
Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
 
dynamic host configuration protocol
dynamic host configuration protocoldynamic host configuration protocol
dynamic host configuration protocol
 
Ways to Prevent Email Abuse
Ways to Prevent Email AbuseWays to Prevent Email Abuse
Ways to Prevent Email Abuse
 

Similar to Mikrotik router documentation ( Prepare by Mr. Chetra PO )

Installing and configuring a dhcp on windows server 2016 step by step
Installing and configuring a dhcp on windows server 2016 step by stepInstalling and configuring a dhcp on windows server 2016 step by step
Installing and configuring a dhcp on windows server 2016 step by step
Ahmed Abdelwahed
 
System installation in CCTV
System installation in CCTVSystem installation in CCTV
System installation in CCTV
hepzijustin
 
Router configuracion acuse 512
Router configuracion acuse 512Router configuracion acuse 512
Router configuracion acuse 512
Neftali Morillo
 
Dhcp, dns and proxy server (1)
Dhcp, dns and proxy server (1)Dhcp, dns and proxy server (1)
Dhcp, dns and proxy server (1)Sahira Khan
 
Nat Server Configuration Steps
Nat Server Configuration StepsNat Server Configuration Steps
Nat Server Configuration StepsPasala Jayaraju
 
7106506104 tl wa701-nd(eu)_2.0_qig
7106506104 tl wa701-nd(eu)_2.0_qig7106506104 tl wa701-nd(eu)_2.0_qig
7106506104 tl wa701-nd(eu)_2.0_qig
Cesar Estela Zarate
 
Mikrotik pcq
Mikrotik pcqMikrotik pcq
Mikrotik pcq
Putra Jambak
 
7106503678 td w8961-nd_qig
7106503678 td w8961-nd_qig7106503678 td w8961-nd_qig
7106503678 td w8961-nd_qig
Akibo Davies
 
Tutorial mikrotik step by step
Tutorial mikrotik step by stepTutorial mikrotik step by step
Tutorial mikrotik step by step
Dewa Ketut Setiawan
 
Configuring sonic wall__port_forwarding
Configuring sonic wall__port_forwardingConfiguring sonic wall__port_forwarding
Configuring sonic wall__port_forwarding
Helmer Villarreal
 
L2 tp i-psec vpn on windows server 2016 step by step
L2 tp i-psec vpn on windows server 2016 step by stepL2 tp i-psec vpn on windows server 2016 step by step
L2 tp i-psec vpn on windows server 2016 step by step
Ahmed Abdelwahed
 
DHCP windows server 2012
DHCP windows server 2012DHCP windows server 2012
DHCP windows server 2012
Ahmed abdulmani
 
T hin client configuration
T hin client configurationT hin client configuration
T hin client configuration
ALICO HI-TECH INSTITUTES
 
Manual wireless router cnet cwr 854
Manual wireless router cnet cwr 854Manual wireless router cnet cwr 854
Manual wireless router cnet cwr 854
fgonzalez2005
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Jiunn-Jer Sun
 
Wireless lab4902
Wireless lab4902Wireless lab4902
Wireless lab4902mark scott
 

Similar to Mikrotik router documentation ( Prepare by Mr. Chetra PO ) (20)

My Journal
My JournalMy Journal
My Journal
 
Installing and configuring a dhcp on windows server 2016 step by step
Installing and configuring a dhcp on windows server 2016 step by stepInstalling and configuring a dhcp on windows server 2016 step by step
Installing and configuring a dhcp on windows server 2016 step by step
 
System installation in CCTV
System installation in CCTVSystem installation in CCTV
System installation in CCTV
 
Router configuracion acuse 512
Router configuracion acuse 512Router configuracion acuse 512
Router configuracion acuse 512
 
How to publish your NAS on the Internet?
How to publish your NAS on the Internet?How to publish your NAS on the Internet?
How to publish your NAS on the Internet?
 
Dhcp, dns and proxy server (1)
Dhcp, dns and proxy server (1)Dhcp, dns and proxy server (1)
Dhcp, dns and proxy server (1)
 
Nat Server Configuration Steps
Nat Server Configuration StepsNat Server Configuration Steps
Nat Server Configuration Steps
 
7106506104 tl wa701-nd(eu)_2.0_qig
7106506104 tl wa701-nd(eu)_2.0_qig7106506104 tl wa701-nd(eu)_2.0_qig
7106506104 tl wa701-nd(eu)_2.0_qig
 
Mikrotik pcq
Mikrotik pcqMikrotik pcq
Mikrotik pcq
 
7106503678 td w8961-nd_qig
7106503678 td w8961-nd_qig7106503678 td w8961-nd_qig
7106503678 td w8961-nd_qig
 
Tutorial mikrotik step by step
Tutorial mikrotik step by stepTutorial mikrotik step by step
Tutorial mikrotik step by step
 
Configuring sonic wall__port_forwarding
Configuring sonic wall__port_forwardingConfiguring sonic wall__port_forwarding
Configuring sonic wall__port_forwarding
 
L2 tp i-psec vpn on windows server 2016 step by step
L2 tp i-psec vpn on windows server 2016 step by stepL2 tp i-psec vpn on windows server 2016 step by step
L2 tp i-psec vpn on windows server 2016 step by step
 
DHCP windows server 2012
DHCP windows server 2012DHCP windows server 2012
DHCP windows server 2012
 
T hin client configuration
T hin client configurationT hin client configuration
T hin client configuration
 
Manual wireless router cnet cwr 854
Manual wireless router cnet cwr 854Manual wireless router cnet cwr 854
Manual wireless router cnet cwr 854
 
Wintel ppt for dhcp
Wintel ppt for dhcpWintel ppt for dhcp
Wintel ppt for dhcp
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
 
Wireless lab4902
Wireless lab4902Wireless lab4902
Wireless lab4902
 
Aruba instant iap setup rev3
Aruba instant iap setup rev3Aruba instant iap setup rev3
Aruba instant iap setup rev3
 

Recently uploaded

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 

Recently uploaded (20)

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 

Mikrotik router documentation ( Prepare by Mr. Chetra PO )

  • 1. P a g e 1 | 73
  • 2. P a g e 2 | 73 Table of Contents 1. How to assign IP address with command line..............................................................................3 2. Configure DHCP and DNS Server......................................................................................................3  Let’s Client test DHCP ...........................................................................................................................7 3. Allow clients access Internet ............................................................................................................11  Let’s Client Test access internet......................................................................................................13  Configure NAT........................................................................................................................................14  Let’s Client Test access internet again..........................................................................................16 4. Block Website or Domain...................................................................................................................17  Let’s Client Test.....................................................................................................................................20 5. Configure Hotspot.................................................................................................................................21  Limit user bandwidth based on user profile of Hotspot ..........................................................25  Let’s Client Test Speed AWS-IT.......................................................................................................28  Let’s Client Test Speed AWS-HR.....................................................................................................29  Bypassing.................................................................................................................................................30  IP Binding ............................................................................................................................................30  Walled Garden....................................................................................................................................32 6. Setup and Configure User Manager with Hotspot.....................................................................34 7. Configure VPN Server..........................................................................................................................40  Enable VPN Server (PPTP Server)...................................................................................................40  Create Pool of VPN ...............................................................................................................................41  Create VPN Profile ................................................................................................................................42  Create User of VPN to authentication............................................................................................42 8. Configure VPN Client ...........................................................................................................................43 9. Configure VPN Site-to-Site................................................................................................................48  On Router Site-1...................................................................................................................................48  Change Hostname and interface on Router (Site-1) ...........................................................48  Create Peer .........................................................................................................................................51  Change Proposal................................................................................................................................52  Create Policies....................................................................................................................................53  Create Firewall NAT bypass...........................................................................................................54  On Router Site-2...................................................................................................................................55  Change Hostname and interface on Router (Site-2) ...........................................................55  Create Peer .........................................................................................................................................57  Change Proposals .............................................................................................................................59  Create Policies....................................................................................................................................59  Create Firewall NAT bypass...........................................................................................................60  Let’s Testing VPN Site-to-Site..........................................................................................................61  On Router Site-1...............................................................................................................................61  On Router Site-2...............................................................................................................................64 10. Configure Proxy (Cache)....................................................................................................................66  Enable Web Proxy.................................................................................................................................66  Transparent Proxy ................................................................................................................................68  Block websites, extensions and redirect website......................................................................70
  • 3. P a g e 3 | 73 1.How to assign IP address with command line On Mikrotik Router OS you can assign IP address by command line and interface. This this how to assign IP address with command line, please follow it. 2.Configure DHCP and DNS Server The first of all, you should configure DNS. Please follow this pictures below.
  • 4. P a g e 4 | 73 After you configure DNS already, please configure DHCP to let client get IP address automatically from Mikrotik Router. Please follow in this pictures!
  • 5. P a g e 5 | 73 In this point you just click on DHCP Setup. After then, you just choose which interface that you want provide IP address to client and then, click next and next.
  • 6. P a g e 6 | 73 In this point you can select pool of IP give out that you want. For example, 99 IP address, so should 192.168.5.2-192.168.5.100
  • 7. P a g e 7 | 73 Let’s Client test DHCP You can type this command ncpa.cpl and then double click on Local Area Connection
  • 8. P a g e 8 | 73 In this point just click Properties Please click on Internet Protocol Version 4 (TCP/IPv4) and then click Properties
  • 9. P a g e 9 | 73 Click on Obtain an IP address automatically and Obtain DNS server address automatically, after then click OK. Please release your IP address by use command > ipconfig/release and then use command > ipconfig/renew to get IP address, after then test ping to WAN and LAN
  • 10. P a g e 10 | 73
  • 11. P a g e 11 | 73 3.Allow clients access Internet To allow clients can access Internet, you make sure that you configured Rote and NAT, so please follow this picture. This point mean that Mikrotik Router cannot access to internet, so please do route.
  • 12. P a g e 12 | 73 On Gateway, please put IP Gateway of WAN. And then click Apply > OK
  • 13. P a g e 13 | 73 Let’s Mikrotik Router ping to internet like > ping 8.8.8.8 Let’s Client Test access internet In this case client cannot access to Internet because, you not yet configure NAT, so please configure NAT.
  • 14. P a g e 14 | 73 Configure NAT To configure NAT, please follow this pictures. Go to IP > Firewall Click on NAT and then add it by use (+)
  • 15. P a g e 15 | 73 In General, Chain: srcnat and Out. Interface: ether1 (interface that connect with WAN) In Action, Action:masquerade and then click Apply and OK Note: masquerade is a method that used to translate IP Private to IP Public (Internet). It means that, your IP Private cannot communication with Internet. If you want IP Private can communication with Internet, you just configure NAT and choose the Action masquerade.
  • 16. P a g e 16 | 73 Let’s Client Test access internet again
  • 17. P a g e 17 | 73 4.Block Website or Domain In this point you can block all website that you want, but I will block only facebook. Click IP > Firewall
  • 18. P a g e 18 | 73 Click on Filter Rules and then click + to add website to block it. In General, Chain: Forward
  • 19. P a g e 19 | 73 In Advanced, on the Content : facebook.com (put website that you want to block) In Action, Action: drop and then click Apply and OK
  • 20. P a g e 20 | 73 Let’s Client Test Client cannot access website facebook.com because we block it at the moment.
  • 21. P a g e 21 | 73 5.Configure Hotspot To configure hotspot, please follow on this pictures. Go to IP > Hotspot In this point you just click Hotspot Setup
  • 22. P a g e 22 | 73 Choose interface that you want to share your hotspot (interface LAN). And then click Next. You just click Next. Select pool for Hotspot addresses and then click Next.
  • 23. P a g e 23 | 73
  • 24. P a g e 24 | 73 It is default of user in Mikrotik Router. This point is successfully and then click OK. Note: when you click OK it will disconnect to Router, so you must login hotspot first and then you can connect to Router as normal.
  • 25. P a g e 25 | 73 When you access to internet, it will alert authentication from hotspot. Limit user bandwidth based on user profile of Hotspot
  • 26. P a g e 26 | 73 You can create user profile name that you want and then, on Rate Limit: 1024k/4096k (upload/download), after then, click Apply and OK This point you need to create user to login your hotspot service. Click Users > +
  • 27. P a g e 27 | 73 In General, Name: AWS-IT (name that you want) and assign password on this user. After then on Profile: Technical Department (User Profile that you create) and click Apply > OK Now I will create one more User Profile name HR Department and Rate Limit: 1024k/2048k click Apply > OK
  • 28. P a g e 28 | 73 Create one more User for HR Department Profile. Follow it. Let’s Client Test Speed AWS-IT This is user AWS-IT in Technical Department.
  • 29. P a g e 29 | 73 Speed that AWS-IT have 1024k/4096k Let’s Client Test Speed AWS-HR This is user AWS-HR in HR Department
  • 30. P a g e 30 | 73 Speed that AWS-HR have 1024k/2048k Bypassing  IP Binding IP Binding is an option that we used to specific user that can access internet without authentication from web page (Hotspot) based on IP address and mac address of user. This is an IP address of user, it can access internet by authentication from Hotspot
  • 31. P a g e 31 | 73 Before we configure IP Binding, This IP address of user have authentication of Hotspot Service. This a Physical Address or Mac address of user, just type > ipconfig/all to see it.
  • 32. P a g e 32 | 73 This is the point that show you about how to configure it. Please follow it. The first, into IP > Hotspot > IP Bindings > + and then put mac address and IP address of user, on the Type point, you just choose bypassed and then click Apply > OK Did you see, this IP address of user can access internet without authentication from Hotspot service.  Walled Garden Walled Garden is an option that we used to access internet by specific website without authentication from Hotspot service based on IP address of user. Please remember that, if you had configure IP Bindings, you should disable it first, and then you can configure Walled Garden. Note: If different user or IP address no need to disable IP Binding. But in this picture I choose the same user or IP address to test it.
  • 33. P a g e 33 | 73 The first, Please disable IP Bindings. Click on Walled Garden > + and then put IP address of User that you want it to access specific website, after then put the website that you want user access it. Click Apply > OK.
  • 34. P a g e 34 | 73 6.Setup and Configure User Manager with Hotspot
  • 35. P a g e 35 | 73
  • 36. P a g e 36 | 73 Take IP address of WAN in router to access User Manager like picture show.
  • 37. P a g e 37 | 73 Create Profiles to Limit time and Speed upload and download
  • 38. P a g e 38 | 73
  • 39. P a g e 39 | 73 Let’s test access to internet.
  • 40. P a g e 40 | 73 Test Speed that you limit. 7.Configure VPN Server Enable VPN Server (PPTP Server) To configure VPN Server Point to Point, the first, just enable PPTP Server. PPP > Interface > PPTP Server and then click Enable
  • 41. P a g e 41 | 73 Create Pool of VPN To create pool just go to IP > Pool. Why we need creat pool of VPN? Because we don’t want other side know our IP address of our LAN, so when we use this pool, network out side that want to connect our VPN will get the IP address that we create in Pool of VPN. Click + and then assign name of pool and assign address of pool.
  • 42. P a g e 42 | 73 Create VPN Profile Go to PPP > Profile assign name of profile and put Local address and choose Remote address, don’t forget put DNS Server. Create User of VPN to authentication Go to PPP > Secrets and then assign name and password on the Profile point just choose Profile of VPN that you created.
  • 43. P a g e 43 | 73 8.Configure VPN Client We need to configure VPN Client to let client can remote to VPN Server. In Control Panel > Network and Internet > Network and Sharing Center and then follow in this picture
  • 44. P a g e 44 | 73
  • 45. P a g e 45 | 73 This the name of VPN that you create.
  • 46. P a g e 46 | 73 When it finished, it will show you like this.
  • 47. P a g e 47 | 73 When you connect VPN done, you can see the IP address of VPN Pool that you assign on Pool. Double click on VPN Connection and then click Details…
  • 48. P a g e 48 | 73 This is the IP Pool of VPN. 9.Configure VPN Site-to-Site To configure VPN Site-to-Site, the first, make sure that both of site can access to internet. On Router Site-1  Change Hostname and interface on Router (Site-1)
  • 49. P a g e 49 | 73
  • 50. P a g e 50 | 73 Assign IP address on each interface
  • 51. P a g e 51 | 73 For this point make sure you were configured NAT by masquerade and Route. And then let’s client access internet.  Create Peer Before you create peer, you should create rule of IPsec first. Please follow this picture. Why we need create peer? Because we want to get information from other site (Site-2) to communication to each other. Please follow this picture!!!
  • 52. P a g e 52 | 73 On the Address please put IP of WAN in Site-2  Change Proposal On the Proposals menu, you just double click like picture show and then, change proposals follow your encryption.
  • 53. P a g e 53 | 73  Create Policies After we create Peer and change Proposals already, please create policies to put some information of each Router to know each other. So in General menu, you just follow in this picture. NOTE: Src. Address: 192.168.5.0/24 is the Network IP of LAN in Router Site-1 Dst. Addrsss: 192.168.6.0/24 is the Network IP of LAN in Router Site-2 On the Action menu, just follow in this picture. IP 192.168.1.109 is the IP of WAN in Router Site-1 and IP 192.168.1.110 is the IP of WAN in Router Site-2
  • 54. P a g e 54 | 73  Create Firewall NAT bypass We need to create firewall nat bypass to let both of sites can communication. Please follow this picture.
  • 55. P a g e 55 | 73 For this point you must put Nat bypass rule the top of other rule in firewall Nat. On Router Site-2  Change Hostname and interface on Router (Site-2)
  • 56. P a g e 56 | 73 Assign IP on each interface
  • 57. P a g e 57 | 73 Make sure that you were configured NAT by masquerade and Route already.  Create Peer
  • 58. P a g e 58 | 73
  • 59. P a g e 59 | 73  Change Proposals  Create Policies After we create Peer and change Proposals already, please create policies to put some information of each Router to know each other. So in General menu, you just follow in this picture. NOTE: Src. Address: 192.168.6.0/24 is the Network IP of LAN in Router Site-2 Dst. Addrsss: 192.168.5.0/24 is the Network IP of LAN in Router Site-1
  • 60. P a g e 60 | 73 On the Action menu, just follow in this picture. IP 192.168.1.109 is the IP of WAN in Router Site-1 and IP 192.168.1.110 is the IP of WAN in Router Site-2  Create Firewall NAT bypass
  • 61. P a g e 61 | 73 Let’s Testing VPN Site-to-Site  On Router Site-1 The first please Test ping to IP address of Site-2
  • 62. P a g e 62 | 73 After you test ping to each other already, please test with file share. Please follow this pictures
  • 63. P a g e 63 | 73
  • 64. P a g e 64 | 73 On client of Site-2, please test access file share from Site-1  On Router Site-2
  • 65. P a g e 65 | 73
  • 66. P a g e 66 | 73 10. Configure Proxy (Cache) Enable Web Proxy
  • 67. P a g e 67 | 73 Client cannot access Internet without Proxy, so please configure proxy of client follow this pictures IP address that put is IP address of LAN.
  • 68. P a g e 68 | 73 After assign it already, please test access Internet. Transparent Proxy To make transparent proxy, you should create firewall nat (dstnat). Follow this pictures
  • 69. P a g e 69 | 73 On Action menu, please choose redirect and to port 8080 Let’s client test without assign IP of Proxy. Please follow in this pictures
  • 70. P a g e 70 | 73 Let’s client access to internet. Block websites, extensions and redirect website This point I will block youtube.com
  • 71. P a g e 71 | 73 In this point I will block extensions (.mp3) Test access to youtube.com website
  • 72. P a g e 72 | 73 Test download mp3, please follow in this pictures This point I will block sabay.com and redirect to awspl.com website. Please follow this picture
  • 73. P a g e 73 | 73 Test access sabay.com and it will redirect to awspl.com This are some references Setting up a Mikrotik Hotspot with UserManager (Step-By-Step) ~ Binary Heartbeat Howto to enable Mikrotik RouterOS Web Proxy in Transparent Mode | Syed Jahanzaib Personal Blog to Share Knowledge ! Mikrotik IPSEC Site-to-Site – TNSolutions http://routeros.butchevans.com/routeros-6.27/all_packages_mipsbe/ Limit number connection based on user profile, Mikrotik Hotspot - OA Ultimate